> ## Documentation Index
> Fetch the complete documentation index at: https://docs.sub.jerrylu.app/llms.txt
> Use this file to discover all available pages before exploring further.

# Preflight subscriptions collection

> Returns CORS headers for browser preflight requests.



## OpenAPI

````yaml /api/openapi.yaml options /api/v1/subscriptions
openapi: 3.1.0
info:
  title: Subscription Manager Public API
  version: 1.0.0
  description: >-
    Public API for subscription CRUD automation through Developer API keys. The
    operation descriptions include AI-oriented task semantics, risk levels, and
    confirmation guidance for agent integrations.
servers:
  - url: https://your-site.example
    description: Replace with your deployed Subscription Manager site URL.
security:
  - bearerApiKey: []
tags:
  - name: Subscriptions
    description: Create, read, update, and delete subscriptions for the API key owner.
    x-ai:
      domain: subscription_management
      ownerScope: authenticated_api_key_owner
      writeSafety: >-
        Confirm create, update, cancel, pause, resume, and delete operations
        with the user before calling them from an AI agent. Write operations
        require an API key with the write scope.
  - name: Analytics
    description: >-
      Computed spend summaries, duplicate detection, and optimization
      candidates. Read-only; money is reported per currency and never converted.
  - name: Audit
    description: Read-only audit trail of write operations performed through the API.
paths:
  /api/v1/subscriptions:
    options:
      tags:
        - Subscriptions
      summary: Preflight subscriptions collection
      description: Returns CORS headers for browser preflight requests.
      operationId: optionsSubscriptions
      responses:
        '204':
          description: Preflight accepted.
          headers:
            Access-Control-Allow-Origin:
              schema:
                type: string
                example: '*'
            Access-Control-Allow-Headers:
              schema:
                type: string
                example: Authorization, Content-Type
            Access-Control-Allow-Methods:
              schema:
                type: string
                example: GET, POST, PATCH, DELETE, OPTIONS
      security: []
components:
  securitySchemes:
    bearerApiKey:
      type: http
      scheme: bearer
      description: >-
        Developer API key generated in the app. Keys carry scopes; a read key
        can call list, get, analytics, and audit endpoints, while a write key
        additionally allows create, update, cancel, pause, resume, and delete.
      x-default: subm_your_key_here

````